secrets lying around on the HD

Gates, Scott SGates at olbh.com
Tue Apr 13 20:19:51 CEST 2004


There will be temp files, and pieces of files on your machine left as you
create the plaintext document.  The editing process is messy.  Myself, I do
a daily Disk Cleanup, and weekly Defrag followed by a PGP wipe*3 of the disk
free space.  On a 40GB HDD with a medium sized processor, it takes a while,
otherwise I'd do it nightly.  I use PGP to wipe files on my HDD that contain
company secrets (yes, the company BOUGHT PGP for data security).

Other than that, I trust GPG & PGP for TRANSFERRING data securely--PGP when
I'm able to use it interactively--GPG for batched processes.  I know our
network administrator and feel reasonably secure with his ability to keep
the riff-raff out of the network.  So, don't write GPG/PGP off completely.
  
Perhaps if you could get GPG to work on one of the various KNOPPIX distros?
Burn the client s/w to the bootable CD, then boot with that CD with the HDD
unplugged.  Might work.  Might not.  Could make for an interesting few days
of trying.  Then you could encrypt to a virtual drive in memory, send the
data to whomever, and the evidence is automagically permanently deleted when
you power down the machine.  

A friend once quoted "Three people can keep a secret, if two of them are
dead".  I ran away before he had a chance to share any privileged
information.   I haven't seen him or the other guy since.  <GRIN>



-----Original Message-----
From: Per Tunedal Casual [mailto:pt at radvis.nu] 
Sent: Tuesday, April 13, 2004 1:38 PM
To: gnupg-users at gnupg.org
Subject: Re: secrets lying around on the HD


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 15:50 2004-04-13, you wrote:
 >On Tue, 13 Apr 2004 14:55:33 +0200, Per Tunedal Casual said:
 >
 >> What about virtual memory (SWAP-files) in Windows?
 >
 >That may indeed happen and we can't do anything about it.  The only
 >possible solution is to write a device driver and let it allocate
 >memory for secrets.  This memory will then be managed via ioctls.
 >There is one such driver available but it is not Free Software so we
 >have not looked deeper into it.
 >
 >There are currently rumors that the W32 API VirtualLock does indeed
 >lock pages against paging - if this is true we will add this to the
 >next GnuPG version.
 >
 >  Werner

Fine. I asked all these questions because I suddenly realised that things
like e.g. choosing a safe algo is all in vain if someone easily can bypass
the encryption. By e.g. finding unencrypted keys or the encrypted file in
plaintext on the computer.

Per Tunedal

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32) - GPGrelay v0.94

iD8DBQFAfCV2ITLMlZFNlMoRAoa7AJ9MznZ1i0YOeNRl+8JgV9JM/uyF4gCgiJu4
nKZPeA7JOLnut+5ejGCE+iM=
=F3ET
-----END PGP SIGNATURE-----


_______________________________________________
Gnupg-users mailing list
Gnupg-users at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users


